Re: http://thesource.ofallevil.com/hmmm

Subject: Re: http://thesource.ofallevil.com/hmmm
From: Mike Tibor (tibor@lib.uaa.alaska.edu)
Date: Fri Sep 13 2002 - 13:50:55 AKDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Stanley Long: "mailing list management software ??"
• Previous message: W.D.McKinney: "Fwd: FYI: The YaST2 Package Manager (SL 8.1)"
• In reply to: Tim Johnson: "Re: http://thesource.ofallevil.com/hmmm"
• Next in thread: W.D.McKinney: "Re: http://thesource.ofallevil.com/hmmm"
• Reply: Mike Tibor: "Re: http://thesource.ofallevil.com/hmmm"
• Reply: Mike Tibor: "Re: http://thesource.ofallevil.com/hmmm"

On Fri, 13 Sep 2002, Tim Johnson wrote:

>
> * W.D.McKinney <deem@wdm.com> [020913 11:06]:
> >
> > Spoofing dns like this happens frequently. MS is especially a target.
> > I have seen many of these and whois database should not be your confirmation.
> > You had better get up to speed :-)
>
> Nows your chance. Enlighten, then I'll be up to speed.
> thnx

There actually isn't any spoofing going on here at all. Someone just
registered a domain, and setup an A record pointing to the IP address of
www.microsoft.com:

shatner:/usr/home/tibor$ host thesource.ofallevil.com
thesource.ofallevil.com is a nickname for source.ofallevil.com
source.ofallevil.com has address 207.46.230.219

shatner:/usr/home/tibor$ host 207.46.230.219
219.230.46.207.IN-ADDR.ARPA domain name pointer microsoft.com
219.230.46.207.IN-ADDR.ARPA domain name pointer microsoft.net
219.230.46.207.IN-ADDR.ARPA domain name pointer
www.international.microsoft.com
219.230.46.207.IN-ADDR.ARPA domain name pointer www.us.microsoft.com

shatner:/usr/home/tibor$ whois ofallevil.com

[...]
Of All Evil
   Hades
   Hell, on Earth
   CA

   Domain Name: OFALLEVIL.COM

   Administrative Contact:
        Evil One no@such---address.org
        Of All Evil
        Hades
        Hell, on Earth
        CA
        Phone:
        Fax:
   Technical Contact:
        Robert Mudryk rmudryk@YAHOO.COM
        lasers.org
        990 Dominion Dr.
        Westlake, OH 44145
        US
        Phone: 440 871-1223
        Fax: (440) 871-9284

   Record updated on 2002-06-06 22:54:03
   Record created on 2002-06-05
   Record expires on 2003-06-05
   Database last updated on 2002-09-13 17:47:20 EST

   Domain servers in listed order:

   AUTH00.LASERS.ORG 63.95.171.235
   AUTH01.LASERS.ORG 209.143.62.11

Register your domain name at http://www.bulkregister.com

Mike

-- 
Mike Tibor         Univ. of Alaska Anchorage    (907) 786-1001 voice
Network Technician     Consortium Library         (907) 786-6050 fax
tibor@lib.uaa.alaska.edu       http://www.lib.uaa.alaska.edu/~tibor/
http://www.lib.uaa.alaska.edu/~tibor/pgpkey  for PGP public key
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.

• Next message: Stanley Long: "mailing list management software ??"
• Previous message: W.D.McKinney: "Fwd: FYI: The YaST2 Package Manager (SL 8.1)"
• In reply to: Tim Johnson: "Re: http://thesource.ofallevil.com/hmmm"
• Next in thread: W.D.McKinney: "Re: http://thesource.ofallevil.com/hmmm"
• Reply: Mike Tibor: "Re: http://thesource.ofallevil.com/hmmm"
• Reply: Mike Tibor: "Re: http://thesource.ofallevil.com/hmmm"

This archive was generated by hypermail 2a23 : Fri Sep 13 2002 - 13:50:59 AKDT